IBM i Encryption in a Snap!
Implement IBM FIELDPROC with a simple-to-use GUI and a few clicks of your mouse.
Presented by Richard Marko, Manager of Technical Services
Sponsored by Midland Information Systems, Inc.

Areas of Focus:
- Advantages of Encryption
- Challenges and Risks
- Enforcive's Solution
- Steps to Implement
- Algorithms Available
- Key Management
- High Availability Usage

Advantages of Encryption
Additional layer of data protection enforcing:
- Authentication and Authorization
- Data Integrity
- Confidentiality
- Audit Requirements
- Compliance to Regulations
  - PCI DSS
  - GLBA
  - FDA 21 CFR Part 11
  - SOX
  - HIPAA
  - Basel II Accord

Challenges and Risks
- Compliance requirements are increasingly advanced, and providing proof of compliance to auditors is more difficult.
- Attackers are more likely to target key management vulnerabilities than to break algorithm standards.
- Program changes required / overly complex implementation

Enforcive's Solution
Enforcive/Encryption includes:
- Field Encryption: Encrypts the field in the database without application changes.
- Field Masking: On the fly, masks the field to the unauthorized user.
- Field Scrambling: On the fly, scrambles the numeric value of the field to the unauthorized user.
- SAVF Encryption: Encrypts save files for safe transmission/delivery.

Enforcive's Solution
Benefits:
- No application changes
- User-friendly GUI interface
- Integration with Enforcive/ES, leveraging existing settings and configurations

Enforcive's Solution
- Allocation of data keys is done within the GUI through roles assigned to security personnel
- Field authorities utilize our wide range of account types
- All activity is logged for audit purposes
- Reports can easily be generated for auditors

Commands Provided
- ENCSTREND: Start/End Encryption for one field
- ENCMSSTART: Start Encryption by library and file
- ENCMSEND: End Encryption by library and file
- ENCSTRSAVF: Encrypt a save file (*SAVF)
- ENCENDSAVF: Decrypt a save file (*SAVF)

Why is it so Easy?
- FIELDPROC = Field Procedures
- New IBM feature built into OS V7R1
- Column and field level exit point
- No need for application changes
- Allows for implementation of encryption software

Encryption Algorithms

Name     Description                    Key                              Key Length / Strength
AES256   Advanced Encryption Standard   14 cycles of repetition          256 bits
AES192   Advanced Encryption Standard   12 cycles of repetition          192 bits
AES128   Advanced Encryption Standard   10 cycles of repetition          128 bits
TDES24   Triple DES                     Uses 3 independent key parts     192 bits
TDES16   Triple DES                     Uses 3 independent key parts     128 bits
TDES8    Triple DES                     Uses 3 independent key parts     64 bits
DES      Data Encryption Standard       One key                          56 bits

AES is the best
- Advanced Encryption Standard, or Rijndael; it uses the Rijndael block cipher approved by the National Institute of Standards and Technology (NIST).
- AES was originated by cryptographers Joan Daemen and Vincent Rijmen and replaced DES as the U.S. Government encryption technique in 2000.
- AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
- AES is based on a design principle known as a substitution-permutation network, and is fast in both software and hardware.
- AES is still unbreakable.

Key Management
- 2-Tier Encryption: Master key and Data key
- Option for Local or Remote key location
- Security on who provides 4 Data Key segments for segregation of duties
- Integration with Enforcive/ES account types for easy definition of user access to Encrypted/Decrypted data

High Availability (HA) Usage
Enforcive/Encryption works in high availability environments without any special measures being taken. HA backup databases will be identical to the production system and will contain the master and data keys needed to encrypt and decrypt the data.

Steps to Implement
1. Set up Master and Data Keys
2. Determine Data Key Administrators
3. Configure Fields to be Encrypted
4. Set up Field Authorities
5. Start Encryption!

Thank you!
Questions? Comments? Evaluation Request? Contact us!
Toll Free: (888) 682-5335
Email: solutions@midlandinfosys.com